guarantee RFC standardized hostname

Frank Sweetser fs at WPI.EDU
Wed Aug 24 23:50:36 UTC 2011


On 8/24/2011 5:25 PM, Kevin Fitzgerald wrote:
> Hi Group,
>
> For quite some time we have been generating DHCP ddns hostnames as follows:
>
> if exists host-name {
>          ddns-hostname = concat (lcase (option host-name) , "-" ,
> binary-to-ascii(10 , 8 , "-" , leased-address));
>          }
>      else {
>          ddns-hostname = concat("dhcp-" , binary-to-ascii(10 , 8 , "-" ,
> leased-address));
>          }

I have to say, you're a *lot* more trusting than we are here.  As a 
general principle, we never trust user data any more than we have to, and only 
after it's been through some form of strict sanitizing process, preferably a 
default-deny one.

> This is not an uncommon format.  It helps us ensure unique host names on our
> network.  Lately I notice a handful of user devices that present host names
> with invalid characters, such as android_blah or "nintendo 3ds" with a space
> in the middle (no quotes).
> What are you folks doing to mitigate this?  As it stands these users do not
> receive valid NS records and we get a bevy of log messages when illegal
> characters are in the hostname.
>
> - I have seen mention of the use of regex in the man pages for dhcp-eval.  Is
> there a method to examine the host-name for invalid characters, replacing them
> with a hyphen or otherwise?    (Is there REGEX evaluation available within
> dhcpd.conf)
> - if there is no way to do a character by character replace, can I fail down
> to my else condition, simply prepending dhcp- to the front of the IP address?

I'm assuming that you don't have any kind of pre-existing records for these 
hosts?  We track all hosts here, and force a hostname to be defined at 
registration time, with all of the usual validity and uniqueness checks.  We 
then feed this data into our dhcp configuration files, and all client supplied 
ddns hostname values are summarily ignored.

If that's not an option for you, I would do the second option, but go further. 
Don't bother with ddns at all - just dump in static DNS records for all of the 
IP addresses in your pools.  That way you don't have to depend on the ddns 
linkage between DNS and DHCP, and you don't burn CPU cycles always associating 
the same hostnames with the same IP addresses, and constantly trigger zone 
refreshes every time a laptop connects.

-- 
Frank Sweetser fs at wpi.edu    |  For every problem, there is a solution that
Manager of Network Operations   |  is simple, elegant, and wrong.
Worcester Polytechnic Institute |           - HL Mencken
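The following is an added example and not code from either poster or from ISC dhcpd. It models, in Python, the same naming logic as the quoted ddns-hostname expression (lowercase client name plus the leased address with dashes, or "dhcp-" plus the address), and adds the validation the thread asks about. The label rules are the RFC 1123/RFC 1035 hostname rules (letters, digits and hyphen, no leading or trailing hyphen, at most 63 characters). Two modes are shown: a default-deny "strict" mode, which is the approach Frank recommends, and a "replace" mode that does the character-by-character hyphen substitution Kevin asked for. The function and mode names are assumptions of this example; where the check actually runs (at registration time, in a script that generates static records, or elsewhere) is up to the deployment.

```python
import ipaddress
import re

# RFC 1123 hostname label: 1-63 characters from letters, digits and hyphen,
# not beginning or ending with a hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
MAX_LABEL = 63  # RFC 1035 label limit in octets


def ip_to_dashes(leased_address: str) -> str:
    """Equivalent of binary-to-ascii(10, 8, "-", leased-address): 10.1.2.3 -> 10-1-2-3."""
    return "-".join(str(octet) for octet in ipaddress.IPv4Address(leased_address).packed)


def is_valid_label(name: str) -> bool:
    """Strict check: the whole string must already be a clean RFC 1123 label."""
    return LABEL_RE.match(name) is not None


def sanitize_label(name: str) -> str:
    """Lenient variant: collapse every run of disallowed characters to one hyphen
    and trim hyphens from both ends. May return an empty string."""
    return re.sub(r"[^a-z0-9-]+", "-", name.lower()).strip("-")


def ddns_hostname(client_host_name, leased_address: str, mode: str = "strict") -> str:
    """Build the DDNS name the way the quoted dhcpd.conf does, but never emit an
    invalid label.

    mode="strict"  (default-deny): a client name that is not already a clean
                   label is discarded and the dhcp-<address> fallback is used.
    mode="replace": invalid characters are replaced with hyphens first; the
                   fallback is still used if nothing usable is left.
    """
    if mode not in ("strict", "replace"):
        raise ValueError("mode must be 'strict' or 'replace'")

    suffix = "-" + ip_to_dashes(leased_address)
    room = MAX_LABEL - len(suffix)  # characters left for the client-supplied part

    if client_host_name:
        if mode == "strict":
            candidate = client_host_name.lower()
            if is_valid_label(candidate) and len(candidate) <= room:
                return candidate + suffix
        else:
            # Truncate to fit the label limit, then make sure we did not cut
            # the name so that it ends in a hyphen.
            candidate = sanitize_label(client_host_name)[:room].rstrip("-")
            if candidate:
                return candidate + suffix

    # Fallback path of the original config: dhcp-<address with dashes>
    return "dhcp" + suffix


if __name__ == "__main__":
    # Constructed sample client names, including the two from the thread.
    for name in ("MyLaptop", "android_blah", "nintendo 3ds", "-bad-", "___", None):
        print(repr(name).ljust(16),
              ddns_hostname(name, "10.1.2.3").ljust(24),
              ddns_hostname(name, "10.1.2.3", "replace"))
```

In strict mode "android_blah" and "nintendo 3ds" both fall through to "dhcp-10-1-2-3", so no invalid name ever reaches the zone; in replace mode they become "android-blah-10-1-2-3" and "nintendo-3ds-10-1-2-3". Replace mode is more convenient for users but can map two different client names onto the same label, which is one more reason to prefer the strict path or the registration-time naming Frank describes.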


